package com.boxuegu.websecurity.bbs.controller;

import com.boxuegu.websecurity.bbs.domain.Message;
import com.boxuegu.websecurity.bbs.service.MessageService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

import java.util.Date;

/**
 * 报名留言系统前台  控制器
 *
 * @author Jam Fang  https://www.jianshu.com/u/0977ede560d4
 * @version 创建时间：2019.10.8 15:39
 */
@Controller
public class IndexController {
    @Autowired
    private MessageService messageService;

    /**
     * 是否开启防护
     */
    private boolean isDefend = true;

    /**
     * 首页
     *
     * @return
     */
    @GetMapping("/index")
    public String index() {
        return "index";//返回templates的结果
    }

    /**
     * 留言
     *
     * @param content
     * @param map
     * @return
     */
    @PostMapping("/postMessage")
    public String postMessage(String content, ModelMap map) {
        if (isDefend) {
            content = defend(content);
        }
        System.out.println(content);
        Message message = new Message();
        message.setCreateTime(new Date());
        message.setContent(content);
        int i = messageService.insert(message);
        if (i > 0) {
            map.put("result", "留言成功，管理员会及时与你联系！"); //添加结果 + content
        }
        return "index";//返回templates的结果
    }

    @GetMapping("/linktest")
    public String linktest(@RequestParam(defaultValue = "") String href, ModelMap map) {
        System.out.println(href);
        href = defend(href);
        //http: https; / 白名单
        //javascript: 黑名单
        String[] allowScheme = new String[]{"http://", "https://", "/"};
        for (int i = 0; i < allowScheme.length; i++) {
            if (href.startsWith(allowScheme[i])) {
                break;
            } else if (i == allowScheme.length - 1) {
                href = "";
            }
        }
        map.put("href", href);
        return "linktest";
    }

    private String defend(String content) {
        //第一轮预防
//        content = content.replaceAll("(?i)<script", "");
//        content = content.replaceAll("(?i)</script>", "");
        //其他html标签替换处理
        //第二轮预防
        content = content.replaceAll("&", "&amp;");
        content = content.replaceAll("<", "&lt;");
        content = content.replaceAll(">", "&gt;");
        content = content.replaceAll("\"", "&quot;");
        content = content.replaceAll("'", "&#x27;");
        //content = content.replaceAll("/", "&#x2F;");
        //content= StringEscapeUtils.escapeHtml4(content);
        return content;
    }

    @GetMapping("/test")
    @ResponseBody
    public String test() {
        return "Hello<table><tr><td>sfds</td></tr><tr><td>fsdf</td></tr></table>";
    }
}
